VERIFICATION OF CHIPSET FIRMWARE UPDATES
In general, in one aspect, the disclosure describes an apparatus that includes updatable non-volatile memory to store firmware and non-updateable non-volatile memory to store an interrupt sequence. The apparatus includes a chip interface to receive an interrupt instruction from management firmware. Receipt of the interrupt instruction controls access to and initiation of the interrupt sequence. After initiation of the interrupt sequence the apparatus may receive a firmware update and/or validate the firmware is from a valid source. The validation of the firmware may include utilizing the management firmware to verify the cryptographic signature for the firmware.
Computer systems utilize integrated circuits (ICs) to perform various functions (e.g., chipsets are utilized in order to free processing resources for the processor). The ICs may run firmware that defines the functions performed thereby. The ICs may receive updated firmware from time to time. The ICs may not validate or be capable of validating the firmware updates came from a valid (e.g., certified) source. The computer system may rely on an implicit trust that the firmware running on these ICs is valid. Given the threat of firmware rootkits being used to modify the firmware this trust is misplaced.
The features and advantages of the various embodiments will become apparent from the following detailed description in which:
Computer systems may include a main processor (with one or more core), specific function processors (e.g., graphics processor) and other integrated circuits (ICs), such as chipsets and embedded controllers (ECs). The specific function processors and the ICs perform various functions in order to free processing resources for the main processor. The ICs may be limited to performing the functions defined in the firmware running thereon. The ICs may be capable of receiving and updating firmware running thereon but may not be capable of validating the firmware updates came from a valid (e.g., certified) source. A specific use processor may be capable of running management firmware thereon. The specific use processor may perform other functions besides the management functions (e.g., graphics processor) or may be a limited to management functions. The management firmware may provide various management functions, including but not limited to, secure communications, event tracking, error detection and correction, and reconfiguration. The management firmware may be a manageability engine (ME) such as that contained in Intel® chipsets with Active Management Technology. The management function is not limited to the ME, but it will be referred to herein as the ME for ease of discussion.
The ME interacts with the ICs and the firmware running thereon. The ME typically trusts that the firmware running on the ICs is valid even though the ICs may not validate or even be capable of validating the firmware updates. Accordingly, it is possible for one to maliciously modify the firmware running on the ICs. In order to validate the identity and integrity of firmware running on ICs (e.g., embedded controller (EC)), the firmware may be identified by a cryptographic signature that is generated based on the code and a public private key pair. A signature that is based on the code results in the signature of the firmware changing if the code is changed. A signature using a public private key pair means that any one with the public key may verify a signature but only those with the private key can generate a valid signature. If the firmware signature is verified, the identity and integrity of the firmware can be considered valid. However, if the signature is not verified the identity and integrity of the firmware may be considered invalid (e.g., the updates were provided by non-authorized entities). The ICs are not limited to an EC, but they will be referred to herein as the EC for ease of discussion.
The verification of the signature from the code and the public key requires some processing ability. According to one embodiment, the EC may store a public key therein and have the processing ability to verify the signature generated for the firmware based on the public key. The EC may also need the ability to determine and/or control the firmware updates and to initiate the verification process after the updates accordingly. Furthermore, in order to ensure that a hacker couldn't modify the public key at the same time they modified the code, the EC would need to have the ability to securely store the public key. It may not be practical to have the storage and/or processing ability on the EC (or other ICs).
According to one embodiment, the ME may be utilized to control the EC firmware updates and to verify the identity and integrity of the EC firmware by verifying the cryptographic signature for EC firmware using the public key. In order for the ME to verify the identity and integrity of the EC firmware, the ME needs to know the public key for the EC firmware. The public key may be stored in a configuration register within the ME that tracks various parameters about the configuration of the platform. The public key may be provided to the ME by the EC upon initial boot of the system or it may be burned into the ME during the manufacturing process.
After the ME stores the public key it may initiate a validation process 120. It should be noted that the process of providing the public key to the ME is predicated on the fact that the EC firmware installed in the factory is valid so that a verification of the signature would not be required. If the validation is initiated, the EC firmware may provide the firmware to the ME 125 so that the ME can utilize the public key to verify the signature. Upon successful verification of the signature, the ME may notify the EC firmware that the firmware was validated 130.
The ME may be utilized to control the EC firmware updates. The EC may receive firmware updates, or notification regarding the availability of firmware updates, but may wait to initiate the updates until instructed by the ME. The ME may also control the initiation of a validation sequence after an EC firmware update has been processed. If the validation (e.g., verification of the signature) is successful, the system may utilize the updated EC firmware. If the validation process is not successful, the system may reject the EC firmware update.
The interrupt sequence may interrupt the running of the firmware and may initiate the update sequence and/or the validation sequence. The update and validation sequences may automatically run after the interrupt or may be selected to run. The selection of the appropriate sequence to be run after the interrupt of the firmware may be controlled in any number of manners. For example, the EC firmware may wait for a command from the ME defining what to do next after the interrupt. The ME may provide commands defining what sequence to perform after the interrupt of the firmware is concluded. An appropriate sequence may be selected by the signal received on the chip interface 460 (e.g., a high signal may initiate the update sequence after the interrupt and a low signal may initiate the verification sequence or vice versa). The update sequence may be run after a first interrupt and the validation sequence may be run after a second interrupt. The validation sequence may be run only after an interrupt is received after the update sequence. The interrupt may run both sequences in order.
Although the disclosure has been illustrated by reference to specific embodiments, it will be apparent that the disclosure is not limited thereto as various changes and modifications may be made thereto without departing from the scope. Reference to “one embodiment” or “an embodiment” means that a particular feature, structure or characteristic described therein is included in at least one embodiment. Thus, the appearances of the phrase “in one embodiment” or “in an embodiment” appearing in various places throughout the specification are not necessarily all referring to the same embodiment.
The various embodiments are intended to be protected broadly within the spirit and scope of the appended claims.
Claims
1. An apparatus comprising
- updatable non-volatile memory to store apparatus firmware;
- non-updateable non-volatile memory to store an interrupt sequence; and
- a chip interface to receive of an interrupt instruction, wherein the receipt of the interrupt instruction is to control access to the interrupt sequence.
2. The apparatus of claim 1, wherein the interrupt sequence is to run upon receipt of the interrupt instruction.
3. The apparatus of claim 2, wherein the interrupt instruction is to be received from a processor running management firmware.
4. The apparatus of claim 3, wherein the apparatus is to await further instruction from the management firmware after running the interrupt sequence.
5. The apparatus of claim 3, wherein the updatable non-volatile memory is to receive and store updated apparatus firmware after running the interrupt sequence.
6. The apparatus of claim 5, wherein the updatable non-volatile memory is to request validation of the updated apparatus firmware after the updated apparatus firmware is stored.
7. The apparatus of claim 6, wherein the updatable non-volatile memory is to transmit the updated apparatus firmware to the management firmware to verify a cryptographic signature for the updated apparatus firmware.
8. A method comprising
- receiving an interrupt instruction from management firmware running on a processor, wherein the interrupt instruction is received on a chip interface;
- running an interrupt sequence contained in a non-updateable portion of non-volatile memory, wherein the interrupt sequence interrupts operation of apparatus firmware running from an updateable portion of the non-volatile memory; and
- receiving an additional instruction from the management firmware.
9. The method of claim 8, wherein the receiving an additional instruction includes initiating an update sequence to receive an apparatus firmware update.
10. The method of claim 9, wherein the initiating an update sequence includes receiving the apparatus firmware update from an operating system and storing the apparatus firmware update in the updateable portion of the non-volatile memory.
11. The method of claim 8, wherein the receiving an additional instruction includes initiating a validation sequence to validate the firmware update.
12. The method of claim 11, wherein the initiating a validation sequence includes
- providing at least a portion of the apparatus firmware and a cryptographic signature for at least a portion of the apparatus firmware to the management firmware to verify the apparatus firmware cryptographic signature, and
- receiving a verification status from the management firmware.
13. The method of claim 8, further comprising providing a public key to the management firmware, wherein the public key is used to verify a cryptographic signature for the firmware.
14. The method of claim 13, wherein the providing a public key includes providing the public key from the apparatus firmware upon initial platform boot.
15. The method of claim 8, wherein the receiving an interrupt instruction is in response to receiving notification that a firmware update is available.
16. A system comprising
- a processor to run management firmware, wherein the management firmware includes a configuration register to store a public key of a public private key pair used to generate a cryptographic signature; and
- at least one integrated circuit (IC) to run IC firmware, wherein the IC includes updatable non-volatile memory to store the IC firmware and a cryptographic signature for the IC firmware and non-updateable non-volatile memory to store an interrupt sequence, wherein the IC includes a chip interface to receive an interrupt instruction from the management firmware, wherein the receipt of the interrupt instruction is to control access to the interrupt sequence.
17. The system of claim 16, wherein the management firmware provides the interrupt instruction when IC firmware updates are available and instructs the IC to initiate an update sequence after the interrupt sequence is performed.
18. The system of claim 16, wherein the management firmware provides the interrupt instruction when IC firmware updates are complete and instructs the chipset to initiate a validation sequence after the interrupt sequence is performed.
19. The system of claim 16, wherein the public key is burned in the configuration register during manufacturing.
20. The system of claim 16, wherein the public key is provided to the management firmware during initial system boot up.
Type: Application
Filed: Sep 30, 2008
Publication Date: Apr 1, 2010
Inventors: Jasmeet Chhabra (Hillsboro, OR), Mazen Gedeon (Hillsboro, OR), Sanjay Bakshi (Beaverton, OR), Eli Kupermann (Maale)
Application Number: 12/242,835
International Classification: H04L 9/00 (20060101); G06F 12/14 (20060101); G06F 9/00 (20060101);